
The executive guide to generative AI

Read more

Configuring the TLS version


Elastic Cloud Enterprise 2.4.0 and later defaults to minimum TLS version 1.2 with a modern set of cipher suites.

Elastic Cloud Enterprise version

Default minimum TLS version

Default allowed cipher suites

2.4.0 and later

TLS 1.2


2.3.1 and earlier

TLS 1.0


You can bring back the legacy behavior by running the following script. Note that this requires a proxy restart.

  1. On a host that holds the director role:

    docker run \
    -v ~/.found-shell:/elastic_cloud_apps/shell/.found-shell \
    --env SHELL_ZK_AUTH=$(docker exec -it frc-directors-director bash -c 'echo -n $FOUND_ZK_READWRITE') $(docker inspect -f '{{ range .HostConfig.ExtraHosts }} --add-host {{.}} {{ end }}' frc-directors-director)  \
    --env \
    --rm -it \
    $(docker inspect -f '{{ .Config.Image }}' frc-directors-director) \
  2. On all of the proxy hosts:

    docker rm -f frc-proxies-proxyv2

To reset back to the default behavior of using TLSv1.2 and a modern cipher suite, you can run the following code.

  1. On a host that holds the director role:

    docker run \
    -v ~/.found-shell:/elastic_cloud_apps/shell/.found-shell \
    --env SHELL_ZK_AUTH=$(docker exec -it frc-directors-director bash -c 'echo -n $FOUND_ZK_READWRITE') $(docker inspect -f '{{ range .HostConfig.ExtraHosts }} --add-host {{.}} {{ end }}' frc-directors-director)  \
    --env \
    --rm -it \
    $(docker inspect -f '{{ .Config.Image }}' frc-directors-director) \
  2. On all of the proxy hosts:

    docker rm -f frc-proxies-proxyv2
Was this helpful?